MailEnable Enterprise Premium Authorization Bypass Vulnerability in WebAdmin Mobile Portal

Vulnerability

An authorization bypass vulnerability has been identified in MailEnable Enterprise Premium versions through 10.55. The issue resides in the WebAdmin mobile portal, where attackers can get past authentication checks by reusing AuthenticationToken cookies that belong to low-privileged users. The tokens can be obtained from the WebMail login endpoint using the PersistentLogin parameter and then replayed in the WebAdmin portal to execute high-privilege administrative actions.

Impact

Exploitation of this vulnerability allows for unauthorized access to administrative functions within the WebAdmin mobile portal, potentially leading to unauthorized changes or actions on the server.
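For detection, the token reuse described under Vulnerability can be looked for in web logs by correlating tokens handed out at WebMail login with tokens later presented to WebAdmin. The sketch below is an added example, not MailEnable code or part of the original advisory; the log schema, portal labels, accounts and token values are constructed placeholders, and it assumes a reverse proxy or similar layer records which token each login issued.

```python
import hashlib

# Constructed events in an assumed reverse-proxy log schema. Portal labels,
# field names, accounts and token values are placeholders for illustration.
SAMPLE_EVENTS = [
    {"ts": 100, "portal": "webmail", "kind": "login",
     "user": "clerk@example.test", "issued_token": "tok-clerk-1"},
    {"ts": 110, "portal": "webmail", "kind": "login",
     "user": "admin@example.test", "issued_token": "tok-admin-1"},
    {"ts": 130, "portal": "webadmin", "kind": "request",
     "token": "tok-clerk-1", "src": "198.51.100.7"},
    {"ts": 140, "portal": "webadmin", "kind": "request",
     "token": "tok-admin-1", "src": "192.0.2.10"},
    {"ts": 150, "portal": "webmail", "kind": "request",
     "token": "tok-clerk-1", "src": "198.51.100.7"},
]
ADMIN_ACCOUNTS = {"admin@example.test"}  # assumed: exported from the server's admin list


def fingerprint(token):
    """Hash the cookie value so findings never carry a replayable token."""
    return hashlib.sha256(token.encode()).hexdigest()[:16]


def find_cross_portal_replay(events, admin_accounts):
    """Return WebAdmin requests whose token WebMail issued to a non-admin account."""
    issued = {}  # token fingerprint -> account that received it at WebMail login
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["portal"] == "webmail" and ev["kind"] == "login":
            if ev.get("issued_token"):
                issued[fingerprint(ev["issued_token"])] = ev["user"]
        elif ev["portal"] == "webadmin" and ev.get("token"):
            fp = fingerprint(ev["token"])
            owner = issued.get(fp)
            # Flag only tokens known to belong to an account without admin rights.
            if owner is not None and owner not in admin_accounts:
                findings.append({"ts": ev["ts"], "user": owner,
                                 "src": ev.get("src"), "token_fp": fp})
    return findings


if __name__ == "__main__":
    for hit in find_cross_portal_replay(SAMPLE_EVENTS, ADMIN_ACCOUNTS):
        print(hit)
```

Findings carry only a truncated SHA-256 fingerprint of the cookie, so the alert itself cannot be used to replay the session.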

Added: May 8, 2026, 10:03 PM
Updated: May 8, 2026, 10:03 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.8
remediation: 0.0
relevance: 7.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.